1---
2c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
3SPDX-License-Identifier: curl
4Title: CURLOPT_PROXY_SSL_CIPHER_LIST
5Section: 3
6Source: libcurl
7See-also:
8  - CURLOPT_PROXY_SSLVERSION (3)
9  - CURLOPT_PROXY_TLS13_CIPHERS (3)
10  - CURLOPT_SSLVERSION (3)
11  - CURLOPT_SSL_CIPHER_LIST (3)
12  - CURLOPT_TLS13_CIPHERS (3)
13Protocol:
14  - TLS
15TLS-backend:
16  - OpenSSL
17  - BearSSL
18  - Schannel
19  - Secure Transport
20  - wolfSSL
21  - mbedTLS
22  - rustls
23Added-in: 7.52.0
24---
25
26# NAME
27
28CURLOPT_PROXY_SSL_CIPHER_LIST - ciphers to use for HTTPS proxy
29
30# SYNOPSIS
31
32~~~c
33#include <curl/curl.h>
34
35CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_SSL_CIPHER_LIST,
36                          char *list);
37~~~
38
39# DESCRIPTION
40
41Pass a char pointer, pointing to a null-terminated string holding the list of
42cipher suites to use for the TLS 1.2 (1.1, 1.0) connection to the HTTPS proxy.
43The list must be syntactically correct, it consists of one or more cipher suite
44strings separated by colons.
45
46For setting TLS 1.3 ciphers see CURLOPT_PROXY_TLS13_CIPHERS(3).
47
48A valid example of a cipher list is:
49~~~
50"ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:"
51"ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305"
52~~~
53
54For Schannel, you can use this option to set algorithms but not specific
55cipher suites. Refer to the ciphers lists document for algorithms.
56
57Find more details about cipher lists on this URL:
58
59 https://curl.se/docs/ssl-ciphers.html
60
61The application does not have to keep the string around after setting this
62option.
63
64Using this option multiple times makes the last set string override the
65previous ones. Set it to NULL to disable its use again.
66
67# DEFAULT
68
69NULL, use internal built-in list.
70
71# %PROTOCOLS%
72
73# EXAMPLE
74
75~~~c
76int main(void)
77{
78  CURL *curl = curl_easy_init();
79  if(curl) {
80    CURLcode res;
81    curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/");
82    curl_easy_setopt(curl, CURLOPT_PROXY, "https://localhost");
83    curl_easy_setopt(curl, CURLOPT_PROXY_SSL_CIPHER_LIST,
84                     "ECDHE-ECDSA-CHACHA20-POLY1305:"
85                     "ECDHE-RSA-CHACHA20-POLY1305");
86    res = curl_easy_perform(curl);
87    curl_easy_cleanup(curl);
88  }
89}
90~~~
91
92# HISTORY
93
94OpenSSL support added in 7.52.0.
95wolfSSL, Schannel, Secure Transport, and BearSSL support added in 7.87.0
96mbedTLS support added in 8.8.0.
97Rustls support added in 8.10.0.
98
99Since curl 8.10.0 returns CURLE_NOT_BUILT_IN when not supported.
100
101# %AVAILABILITY%
102
103# RETURN VALUE
104
105Returns CURLE_OK if supported, CURLE_NOT_BUILT_IN otherwise.
106